The COVID-19 pandemic significantly altered how medical practitioners provide care to patients. Medical centers are responding to the pandemic through a rapid adoption of digital tools and technologies such as telemedicine and virtual care.
Prepared for The Future
While the world was gradually moving towards being virtual, the
pandemic changed the course of the digital platform overnight. Work
from home became the new normal. Consequently, this also gave rise to
cyber breaches. In order to mitigate these risks, the integration of risk
management became vital. Moreover, these issues highlighted the importance of
risk management assistance. The industry is budding with several risk
management companies, but the unprecedented crisis managed to segregate the
leading risk management companies amongst the crowd.
In our latest issue, “The 10 Foremost Risk Management Companies of 2020”, we
have featured such companies that are prepared for the future. These companies
have developed robust risk processes and helped their clients identify, assess,
manage, report, and limit the risks they faced—despite the crisis.
On the cover, we have featured ComFin Software, which deals with Commodity
trading and risk management. It is a veteran in the industry and, since 1997, has
been providing trading and risk management solutions to customers in the global
oil and gas sector. Furthermore, readers will also find the leading risk and
compliance management solution providers offering unique solutions in risk,
compliance, content, and mappings.
As the risk landscape is changing fast, many new risks and strategies are
prospering. To help the readers understand these demographics we have covered
the leader's perception in the section “Leader's Insight”. The C-Suite has shared
their thoughts on the travel industry in COVID-19 and how cyber risk
management will be redefined. Furthermore, in the section “Success Story”,
readers will find the enthralling journey of Salesforce—the #1 CRM Company's
path from rags to riches.
Vidya Joshi
Editorial Coordinator
PUBLISHER
ARCHANA GHULE
EDITOR-IN-CHIEF
VIKRAM SURYAWANSHI
EDITORIAL COORDINATOR
VIDYA JOSHI
SHUBHAM BIRADAR
UTKARSH DESHPANDE
SANYUKTA MULEY
PROJECT MANAGERS
DAVID THOMAS
BHUPENDRA PATEL
ART DIRECTOR
VINOD ALHAT
VISUALIZER
MARK DAVIS
HEAD OF DISTRIBUTION
& PRODUCTION
AAKASH MAHAJAN
HEAD OF OPERATIONS
ROBERT SMITH
RESEARCH ANALYSTS
JAMES ADAMS
ADVERTISING
MARIA SMITH
GRAPHIC DESIGNERS
SUSHANT KAMBLE
SHUBHAM GHODKE
Mirror Review Media & Tech
C-206, Wisteriaa Fortune, Laxmi Chowk Rd, opp. Silver
Spoon Hotel, Bhumkar Nagar, Wakad, Pimpri-Chinchwad,
Maharashtra 411057
Mirror Review Magazine is published by Pericles Ventures Pvt Ltd. No
part of Mirror Review magazine may be reproduced, published or
used in any manner without prior written consent from the
publisher. The team of Mirror Review Magazine has made every effort
to ensure the accuracy of the content. The publisher assumes no
responsibility of any part of the content of any advertisement in this
publication, including any errors and
omissions therein.
+1 (850) 564-8517
info@mirrorreview.com
www.mirrorreview.com
CONTENTS
SUCCESS STORY: Story of Salesforce: The Journey of CRM Platform, From Rags To Riches
LEADER'S INSIGHT: Travel Industry in COVID-19; Redefining Cyber Risk Management
COVER STORY
Pioneering Commodity Trading and Risk Management Software Solutions
Foremost Risk Management Companies of 2020 | December 2020
“We do not need a motivation mantra as we all love what we are doing. And where other people see problems, we see opportunities.”
Over the past few months, the oil markets around
the world have been rather bearish due to the
COVID-19 pandemic, resulting in a financial
struggle for several companies in the industry. The
commodity markets, in general, have become more
volatile due to the pandemic, which may lead to
opportunities for traders who better manage their risk.
Moreover, banks are becoming more cautious when
financing commodity trades, particularly for smaller
trading firms. Consequently, the existence of suitable
compliance and risk management measures has turned
from a luxury to an all-important necessity today. The
interest in Commodity Trading and Risk Management
(CTRM) software has thus risen to almost unprecedented
levels.
ComFin Software is meeting this increasing demand
with its cost-competitive, fully functional trading and
risk management software applications to the global
energy and commodity industries with particular
expertise in traders and shipping companies. It has been
providing trading and risk management solutions to
customers in the global oil and gas sector since 1997 and
last year extended its offering to the soft commodities
and metals industry. The company was originally
founded as part of the PVM Group, however, it became
fully independent in 2005. With over two decades of
progress and industry knowledge under its belt, ComFin
Software is recognized and trusted as a leading provider
of cost-competitive fully functional commodity trading
and risk management solutions.
COMPREHENSIVE CTRM SOFTWARE
SOLUTIONS
ComFin Software strives to continuously support
commodity traders with its CTRM solutions, including:
• Comcore: The Comcore system combines the latest
cutting-edge technology with over two decades of
trading and risk management application
development to provide customers with the most
cost-competitive and fully-functional solutions in
the market. Designed to be highly flexible, the
Comcore CTRM system can be used as a standalone
solution or can be integrated into existing software
infrastructures such as SAP, Oracle, or Navision.
• TheBulldog: It is ComFin Software's legacy Energy
Trading and Risk Management Solution. It offers
clients an entry-level CTRM system at a very
competitive price. First implemented in 1999,
TheBulldog's functionality has evolved over 20+
years with its clients' business requirements and the
growth of the refining and oil trading industry.
• ComFIX: It is ComFin's connector to the ICE and
the CME Group. It automates trade flow between the
front and middle office. Using ComFIX, all trades
done on the exchange are automatically imported
into TheBulldog, Comcore, or any other third-party
E/CTRM system. ComFIX supports and has been
certified for all product groups available on the
exchange.
These services are primarily provided in industries
such as Oil, Gas & Coal Trading, Refining,
Petrochemical, LNG & NGLs, Shipping, and Metals &
Soft Commodities. Besides these solutions, ComFin
Software also provides support, training, and
consulting services to its clients.
A VETERAN DRIVING THE DEVELOPMENT
Gerald Neher (CEO and Managing Director at
ComFin Software) is at the helm of the company's
operations. After studying economics and I.T., Gerald
joined ComFin in 2005 as a consultant. He became the
CEO of the company in 2010 and pushed the
development of its “Comcore” system, being the state-
of-the-art successor of the legacy system “TheBulldog”.
Gerald, along with his partner Gunther Dauner,
bought ComFin Software in 2018. Each of them owns
50% of the company through a holding company.
At ComFin Software, Gerald's primary role is advising
and supporting market participants. Being the CEO of a
mid-sized vendor, he is closely involved in all the
aspects of the company, from pre-sales to customer
support, internal and external consulting, product
management, etc. “Our clients value its CEO and
company owners being close to them and easily
reachable in case of any pressing issues,” he added.
ENCOURAGING THE STAFF
Gerald believes that the most important investment in a
company is the staff. It is essential for a company to have
a motivated and knowledgeable staff as they will pass
their satisfaction and knowledge to the clients. At
ComFin Software, Gerald ensures the staff has all the
information they need and can work in a pleasant
environment, also encouraging them to raise questions
and suggestions for improvements. Due to the close
personal relationships he has maintained with the staff
members, they have remained friends even after their
professional paths were parted.
“Our award-winning support team is widely recognized for its professionalism, efficiency, and high level of customer satisfaction.”
ESTABLISHING STRONG PARTNERSHIPS
Establishing strong partnerships is a crucial aspect of any
growing business. Being a mid-size company, ComFin
Software does not have many of the resources that some
big players might have. The challenge for the company
was to optimize the available resources. For that, it has
established strong partnerships with companies and
private individuals. The company works with sales
partners globally that help it spread the word about its
software solutions. It also works with consultants and
technology partners globally to be able to provide a full
set of solutions to its clients in various industries.
FLEXIBILITY AND FASTER
IMPLEMENTATIONS
Alongside the challenge of managing resources, the
pandemic posed a significant challenge for
companies such as ComFin Software. Like most other
businesses, the company has adopted the “work from
home” model since March 2020. The transition to remote
working was smooth due to its existing IT infrastructure
and the independent working style of its staff members.
ComFin Software also offered and delivered remote
training for its new clients. As many companies
struggled due to the pandemic, it quickly released a new
liquidity and cashflow simulator to help its clients
understand the impact of late payments and defaults on
their liquidity. “As we understand that our customers
typically operate in different ways, we have always
offered the flexibility to customize any part of the
software and quickly add new functionality to it. This
flexibility is certainly one of our USPs,” asserts Gerald.
Additionally, as more companies get active in
commodity trading, the demand for professional Risk
Management systems is also increasing. Companies are
thus looking to implement those systems relatively
quickly and at a reduced CAPEX cost. Due to the
corporate structure of ComFin Software, it has a
competitive edge in this regard over its competitors. The
company can perform implementations in as little as two
to four weeks at prices that no other major vendor can
offer.
UPGRADING THE PORTFOLIO
As the world moves further towards digitization and
automation, ComFin Software's flexibility is expected to
play a greater role in many areas, for example
technical flexibility to add or remove
components as needed, contractual flexibility to be able
to quickly adjust to new challenges, and flexibility to
work from different places.
The company is working with established technology
partners to offer add-ons to its current CTRM package. It
is currently emphasizing add-ons in the fields of
Artificial Intelligence (AI), Blockchain Technology, and
crisis management. ComFin Software strives to
continuously develop and upgrade its software with new
features and functions.
The 10 Foremost Risk Management Companies of 2020
COMPANY NAMES | INFO
Brinqa; Amad Fida & Hilda Perez, Founders | Brinqa Cyber Risk Services is built for security; transforming security, context and threat data into knowledge-driven insights that empower organizations to own their cyber risk. www.brinqa.com
C2C Smart Compliance; Steve Crutchley, Founder and CEO | C2C SmartCompliance provides compliance infrastructure management services, compliance software (Enterprise and SaaS) and mapping solutions. c2csmartcompliance.com
ComFin Software; Gerald Neher, CEO & Managing Director | ComFin Software provides cost competitive, fully functional trading and risk management software applications to the global energy and commodity industries. www.comfinsoftware.com
Corsica Cybersecurity; Dale Walls, Founder | Corsica Cybersecurity delivers advanced cyber technologies to the private sector and government agencies. www.corsicatech.com
ITC Secure; Arno Robbertse, CEO | ITC delivers high quality managed security services to help organisations manage the growing complexity of cyber threats and securely support their digital transformation. itcsecure.com
Libryo; Peter Flynn, Garth Watson, & Malcolm Gray, Co-founders | Libryo filters all law and delivers only the regulations that matter to the business. www.libryo.com
Ondato; Liudas Kanapienis, Co-Founder & CEO | Ondato provides a complete compliance management suite in regards to KYC procedure. www.ondato.com
policyIQ; Chris Burd, Managing Director | policyIQ is a mature Governance, Risk and Compliance technology that is easy to use and easy to implement. www.policyiq.com
Seven Corners; Justin Tysdal (Co-founder and CEO), Jim Krampen (Co-founder and Executive Officer) | Seven Corners is an innovative and service-focused travel insurance and benefit management company that serves a global market. www.sevencorners.com
Verisk Insurance Solutions; Scott G. Stephenson, Chairman, President, & CEO | Verisk helps customers assess and price risk, improve underwriting and claims outcomes, and build resilience to extreme events. www.verisk.com
Today, most organizations have
well-defined policies and
processes for responding to
vulnerabilities, findings, alerts, and
other security gaps in their network
and software infrastructure. However,
these practices don't often extend to
newer or less prevalent technologies
such as cloud infrastructure, IoT,
operational technology (OT), etc. With
the continued growth and proliferation
of cloud infrastructure within the
enterprise, companies need to address
these challenges more urgently than ever.
Established in 2009, Brinqa is helping
companies address these challenges
with its solutions. The Austin, TX-
based company was founded by
cybersecurity veterans Amad Fida and
Hilda Perez with an aim to solve the
most challenging, pervasive, and
critical problems in cybersecurity. The
company is on a mission to bring
diverse stakeholders with different
agendas and backgrounds together to
work on a common goal; build
cybersecurity solutions to protect
businesses when their technology
stacks are constantly evolving and in
flux; and foster collaboration and
knowledge-sharing between teams and
processes in environments that are
fragmented and siloed.
Comprehensive Coverage of Risk
Analysis and Management
Brinqa cyber risk services provide the
most comprehensive coverage for risk
analysis and management across the
entire enterprise technology
infrastructure. Through dedicated
purpose-built applications for
Vulnerability Management,
Application Security, and Cloud
Security, Brinqa customers can
implement a consistent cyber risk
management strategy across these three
critical components, while establishing
and highlighting any dependencies
between them.
The company also provides a
knowledge graph—the cyber risk
graph—which is the real-time
representation of an organization's
technology infrastructure and
applications, delineation of
interconnects between IT assets and
business services, and a unified
knowledge source for cybersecurity
decisions. The single, unified
knowledge source for cybersecurity
streamlines communication across
varied stakeholders, departments, and
regions.
The Standard Out-of-the-Box
Ontology
Brinqa solutions are built on a
comprehensive, standardized data
ontology that clearly defines,
delineates, and represents the common
IT, security, and business assets that
comprise a typical technology
infrastructure, and relationships
between them. The standard out-of-the-
box (OOB) Brinqa ontology is
designed based on best practices,
industry standards, and its experience
with real-world customers.
Brinqa's customers have complete
access to the data modeling capabilities
used to define and develop this
ontology, and can further tweak the
OOB risk models to accurately
represent their unique environments.
This is crucial for effective risk
analysis and prioritization as presently
there is very little standardization in
how organizations implement their
technology and security environments.
Renowned and Ever-growing
Customer Base
A significant percentage of Brinqa's
customers are large Fortune 100-type
organizations. Its customer base
includes some of the largest enterprises
in retail, healthcare, insurance, and
logistics verticals with a massive
technology footprint. Moreover, in
recent years, the company has seen an
uptick in demand from smaller,
technology-focused organizations.
“Any business that has a strong
dependency on their technology
infrastructure requires a solution like
Brinqa. Our smaller customers range
from internet-based businesses,
technology companies, and mobile-first
solutions,” asserts Syed Abdur, VP of
Products at Brinqa.
BRINQA: Modernizing Cybersecurity Risk Management
Syed Abdur, VP | Product Management & Marketing at Brinqa
Empowering the Customers
Brinqa provides customers with
everything they need to start their
Cyber Risk Management program. It
provides packaged connectors, risk
models, standard risk scoring,
remediation workflows, and
dashboards & reporting. Most of
Brinqa's customers are quickly
expanding the scope of their Cyber
Risk Management programs to
incorporate Vulnerability Management,
Application Security, Cloud and
Container Security, Mobile Security,
Configuration Management, and
Identity & Access Management.
Besides this, the customers use Brinqa
to automate many components of their
risk management programs – from the
collection of all relevant risk data, to
the building of risk knowledge, to the
communication of risk to all
stakeholders, and the risk remediation
process. The company's automation
capabilities orchestrate better hygiene
in customers' risk management
solutions. Brinqa reconciles asset
management data with live data and
can be used to automate continuous
checks and corrections as well.
As a result, the customers benefit from
a consistent understanding of assets
that factor into determining their
associated risk and better knowledge of
their risk posture based on accurate
information. Brinqa empowers
customers with the ability to identify
and suppress false positives while
highlighting the most critical risks for
remediation.
The Accelerating Need for
Cybersecurity
The COVID-19 pandemic has
highlighted some significant challenges
that most cybersecurity programs and
organizations struggle with. “The
notion of the traditional enterprise
with well-defined boundaries has been
consistently eroding for many years,
and cybersecurity policies and
practices have been slowly evolving to
address this change,” adds Syed.
The pandemic has forced large sections
of the workforce to work remotely,
accelerating the need for cybersecurity
solutions to be re-architected for a
highly-distributed, centralized, and
dynamic technology infrastructure.
Syed believes that the pandemic should
have a positive impact on the
cybersecurity industry in the long term
– resulting in more dynamic, fault-
tolerant cybersecurity programs and
solutions.
Making the Platform Dynamic and
Extendable
The upcoming projects of Brinqa aim
to make the platform even more
dynamic and extendable. As part of
this effort, it is working to open up its
connector development framework – to
allow customers and partners to
develop connectors on their own and
expand its integrated ecosystem at a
faster rate. The company is also
working on the new GraphQL-based
API that can be used by developers as
well as business owners with limited or
no development knowledge.
Furthermore, by combining its graph
database (Neo4j) with a new API
methodology (GraphQL), Brinqa
provides UI developers with the
flexibility to create a rich report builder
that is immediately relevant to business
users. This is beneficial to developers
as they can leverage the same API,
improving code quality and
consistency through more interactive
and self-documenting API usage than
traditional REST APIs.
Securing the Software Development
Life Cycle
By mapping how IT enables and
impacts business to create accurate
cybersecurity data ontology, modern
Cyber Risk Management provides a
unique opportunity to introduce
security early into IT processes and the
Software Development Life Cycle
(SDLC). It drastically reduces the cost
of identifying and remediating
vulnerabilities, as well as delivers
software that is more robust, secure,
and reliable.
In the near future, Syed believes that
organizations will continue to improve
their ability to develop IT and SDLC
processes that are secure and risk-
aware. “This is very important as
enterprise technology environments
become more distributed and rapidly
evolve to adjust for changes in the real
world. The pandemic has shown us
that the changes can be drastic and
organizations need to be prepared to
adjust on short notice,” he
concluded.
“Brinqa cyber risk services are built for security; transforming security, context, and threat data into knowledge-driven insights that empower organizations to own their cyber risk.”
Leader's Insight
How COVID-19 Has Impacted the Travel Industry
By Jeremy Murchland, Seven Corners, President
The COVID-19 pandemic has
impacted nearly every aspect
of people's lives, and travel is
no exception. In fact, the travel
industry may have been one of the
most affected areas, as travel plans
were changed, postponed, or canceled
entirely. The year 2020 saw an 80%
decrease in travel, both internationally
and domestically. While we've seen a
slight uptick in leisure travel again,
business travel is still significantly
depressed, and we expect to see that
continue into next year.
This year, travelers began to place
greater importance on safety,
cleanliness and flexibility when
booking travel, as opposed to luxury
or comfort. This means that despite
the travel industry declining,
consumers' awareness of travel
insurance increased. In fact, the
instance of travelers purchasing travel
insurance for their trips is expected to
increase by 50% this year, and that
trend should continue into next year.
Because of the pandemic, people are
more aware of travel insurance and its
benefits in protecting expensive trip
costs. I've outlined the major changes
in travelers' behaviors and how
travelers can stay prepared for the
future during this uncertain time.
Travelers' priorities have changed
As mentioned, people are now more
conscious of safety and cleanliness
when considering travel plans, and
they're more aware of what their
options are. Because of these concerns
brought about by COVID-19, people
are now booking trips closer to when
they'll leave instead of making plans
in advance. For example, now is
usually the time we see people begin
to start making plans for spring break
travel. With travel regulations
constantly changing and next spring
still unknown for COVID-19
restrictions, people will likely make
plans closer to their departure date to
ensure there aren't changes with their
trip.
Understand cancellation penalties
prior to booking
Travelers are also more mindful of
their health and whether or not their
trip plans are flexible. If people are
traveling out of the country, they now
have to consider whether or not they
are covered for contracting COVID-19
abroad, and who will help them get
home in case of emergency. I
encourage travelers to understand
what their flexibility options are when
they book a trip and ensure that you
fully understand the booking terms. If
your trip is interrupted or canceled,
know what your penalties are.
Because of potential penalties, it's a
good idea to consider purchasing
travel insurance to protect trip costs.
Consider adding travel insurance
I recommend that people purchase a
comprehensive type of travel
insurance that covers trip cancellation
and interruption as well as injuries and
illnesses that occur on a trip. Some
plans offer medical only, or if you're
taking a cruise, the plan may only
cover the cruise. Make sure you
purchase travel insurance that is fully
comprehensive and covers all angles
of your trip.
It's also prudent to consider adding
Cancel for Any Reason (CFAR)
coverage to your insurance plan.
CFAR is always going to provide the
most flexible options for travelers to
cancel a trip for any reason of their
choosing. Adding CFAR will provide
you a refund of up to 75% of your
nonrefundable trip costs. We've
experienced a large increase in CFAR
sales as people continue to be
hypersensitive to sudden trip
cancellations and interruptions during
the pandemic.
Even in a decreased travel market,
we're seeing an increase in travel
insurance sales as awareness of travel
insurance begins to increase. Prior to
the pandemic, people didn't
understand what travel insurance was
or why they needed it. Now, they
recognize its importance and
understand that a travel insurance plan
can protect them in the event of an
emergency situation.
About the Author
Jeremy Murchland is the president of Seven Corners, an innovative and
service-focused travel insurance and benefit management company that
serves a global market. Based in Carmel, Ind., the company offers
customized travel insurance solutions and 24/7 emergency medical and
travel assistance services for individuals and groups. Seven Corners also
administers health care benefits for select U.S. government programs.
Murchland became president of Seven Corners in January of 2020 after
serving as the senior vice president of sales and marketing for the
company. Murchland has more than 20 years of senior management
experience and a long history of building high-performance teams and
growing revenue. As president, Murchland is responsible for leading the
execution of the Seven Corners' strategic plan along with the management
of day-to-day business operations.
The future of travel
Of course, the future of the travel
market is difficult to predict with the
constant changes COVID-19 has
brought us. However, we're expecting
a return to leisure travel as we start to
move into summer of next year, with
trip bookings expected to take place in
March or April. Business travel will
still likely be behind as people
continue with virtual means of
communication.
One thing is certain: people are
anxious to return to a sense of
normalcy. It's possible that 2021 could
experience a major travel boom, as
travelers use their flight credits and
finally take those long-awaited trips.
Hopefully, they are able to do so
safely while protecting their trip
costs.
As government regulations
spread around the globe,
geopolitical, regulatory,
legal, and compliance risks continue
to present challenges for enterprises.
Moreover, with the increasing
proliferation of laws and rules and an
increase in stakeholder expectations,
organizations are more vulnerable to
compliance risks than ever. Today, a
majority of companies still take an
old-school approach when it comes
to managing compliance risk. As the
risk issues change as per the
business, their strategy and process
must also change accordingly.
C2C Smart Compliance, a
Virginia-based leading risk and
compliance management solution
provider, is helping organizations
optimize their risk and compliance
management operations. It is a
premier GRC firm, providing
compliance infrastructure
management services, compliance
software (Enterprise and SaaS), and
mapping solutions that support
international regulatory standards
and best practices for commercial
and government enterprises. C2C's
web-based, automated compliance
platform is designed for improved
business performance and audit
readiness across the entire
organization.
Unique Service Offerings
C2C Smart Compliance was
established in 2005 as
Consult2Comply. However, its name
was changed in 2013 to C2C Smart
Compliance as it aligned its business
more to the compliance and risk
industry and the demand for its
products started increasing. The
company provides unique offerings
in risk, compliance, content, and
mappings, including:
• MyRiskAssessor (MyRA)
It is a fully functional risk product
that contains a comprehensive set of
threats linked to vulnerabilities
linked to control infrastructures. This
allows the risk management process
to be streamlined in the organizations
and supports the skills needed to
effectively undertake a risk
assessment and manage the risks.
Moreover, as organizations cannot
effectively apply a correct threat
without a structured threat library,
MyRA allows this process to be
undertaken painlessly and supports
the findings.
It also shows Risk Values, Inherent
Risk Values, Residual Risk Values,
and Control effectiveness – all
outputs from the risk management
process using the threat tables.
Alongside this, MyRA also offers
Business Impact Analysis,
Assessment Questionnaires, Risk
Treatment, and remediation with
workflow and full reporting
including filtering and graphical
representations.
• Compliance Mapper (CM)
It is a unique compliance product.
CM has over 10,000 regulations,
standards, and best practices in the
product. The CM Mapping
Capability allows mappings to be
applied (manually, semi-manually,
and automatically) to the frameworks
and shows the mapping level as a
guide to the compliance staff. This
provides a good level of
understanding to the teams that are
measuring compliance effectiveness.
Furthermore, CM is also capable of
finding possible mappings as well.
C2C SMART COMPLIANCE: The GPS for Compliance Mapping & Management
Steve Crutchley, Founder and CEO
Alongside these prominent products,
C2C provides several compliance
services such as — Banking &
Financial Management, Regulatory
Change Management, C2C Content
Library, Assessing Compliance and
Policy Gap Analysis, GDPR,
Mapping/Crosswalk Services, etc.
“We at C2C are pushing the envelope
to ensure that compliance
professionals can easily get to grips
and understand the relationships of
multiple differing frameworks into
one coherent compliance
infrastructure,” said Steve
Crutchley (Founder and CEO at
C2C Smart Compliance).
Foremost Authority in the GRC
Arena
Steve is a recognized leader and the
foremost authority in the GRC arena,
with more than 25 years of
experience in business protection. He
came to the U.S. in 2002 just after
9/11 and started his business
4FrontSecurity, which was later
acquired by Symantec. Steve left
Symantec to start Consult2Comply
and to develop the Compliance
Mapper product. Compliance
Mapper was developed to help
businesses understand a line of sight
into regulations, standards, and best
practices from policies, a major
requirement still being used today.
MyRA was initially developed for IT
risk but it also has moved on
significantly. He takes pride in
leading a team that is committed to
understanding customer needs and
delivering success.
As the founder and CEO, Steve's
roles are to ensure the client needs
are met, to design the software to
deliver what the client wants, and to
manage the teams to make sure they
can respond quickly and effectively.
Offering Value-added Services
Since its inception, C2C's aim has
been keeping everything simple and
not over-complicating subjects like
risk and compliance. However, the
cutthroat market competition seeks
unique methods and tends to
overcomplicate everything. “We strive to
offer value-added services and this
can be difficult because people want
complication which makes life more
difficult and takes much longer
putting organizations at risk,” adds
Steve.
Delivering to the Clients' Needs
The COVID-19 pandemic has
unsettled several businesses around
the world. C2C, however, was not
severely affected by the pandemic.
The company provided continuous
services throughout the pandemic
and has also maintained the
relationships with its clients. It takes
pride in listening and delivering to
the clients' needs.
Before the pandemic, all the C2C
staff used to travel extensively,
supporting its clients on-site.
However, being deskbound due to
the impositions, it has adapted to the
conferencing facilities. Moreover, as
the 9 am to 5 pm days have
disappeared into obscurity, the
company's solid work ethic has
supported it. Heaping praises on his
team, Steve further added that the
C2C team was excellent and very
professional in their approach to
business in these unprecedented
times.
Continually Improving
Functionality
Presently, C2C has numerous
projects in hand such as working
with large bank groups and legacy
GRC vendors, providing them with
regulatory content. Moreover, the
company has recently made in-roads
to the Australian Market with the
help of a partner who understands the
Australian market and conditions.
In the near future, the company aims
to continually improve functionality
to make the risk process easier for
people that do not necessarily
understand risk and want to
undertake risk assessment and get
proven results.
While many
organizations give
you what you
don't want,
C2C prides itself
on listening
and delivering
to your needs.
YOUR NEEDS ARE OUR DUTIES!
OUR SYSTEMS
• With over three decades experience, we have developed and enhanced the industry pioneering off-the-shelf Energy and Commodity Trading & Risk Management Systems “TheBulldog” and its successor.
• At ComFin, we tailor our CTRM solutions to meet our clients' requirements and needs. With these solutions, companies can manage the whole lifecycle of physical/paper trade from front to middle to back office, with relevant risk management, reporting, and compliance functionality such as invoicing, audits and permission management.
WHY COMCORE IS THE IDEAL CHOICE FOR YOUR BUSINESS
• Maximise profits by reducing associated risks (Market risk, Credit risk, Operation risk)
• Streamline and automate workflows
• Enforce financial and operational checks
• Improve efficiency of Mid and Back Office departments
• Maintain database of trading and market data for historical analysis and informed decision-making
WHY WE ARE UNIQUE
• 100 % Made in Austria, no outsourcing
• User-friendly working, cost-effective usage services
• Dedicated and experienced support and consulting staff
• Offer standard implementation within two weeks, inclusive of system configuration, data migration (if systems are replaced) and user training
• High level support from the headquarters (no call centre)
For further enquiries please contact us!
TEL: +43-1-513 47 04
www.comfinsoftware.com info@comfinsoftware.com
Libryo is the brainchild of the
trio of Peter Flynn, Garth
Watson, and Malcolm Gray
(Co-founders). Established in 2016,
the London-based compliance scale-
up sees a world where anyone can
know what the law requires of them
and others, to achieve environmental,
social, and financial justice.
Libryo exists to be a catalyst for a
sustainable world by radically re-
organizing the world's regulation and
making it easily available. It is also
building a definitive global
marketplace for legislation, where
Libryo users can seamlessly obtain
legal content and professional
services. Over the next few years, the
company aims to have all of the
world's regulations readily available
on its platform for easy access.
Presently, it offers a legal tech
solution to businesses. However, it
ultimately aims to help a broad set of
stakeholders with solutions around
legal requirements and policies.
Comprehensive Compliance
Services
Libryo is the only company in the
world that turns legal content into
legal data and then uses a customer's
context to determine what legal
requirements apply to them.
Typically, competitors require their
customers to spend large amounts of
time figuring out what law applies to
them manually. Then, they collect the
applicable content in various formats
and keep it up to date in a manual
way. This is prone to human error
and creates problems for
multinational organizations that are
not able to see cross-comparable
legal information for their whole
business, across all operations.
Subsequently, Libryo is building a
database of the world's law in a
consolidated format to help reduce
human errors and streamline the legal
information. This allows customers
and third parties to access the law
through its API for their different use
cases. It also provides a SaaS
solution, which its customers
subscribe to on an annual basis.
Moreover, the company provides its
legal data (Data as a Service) via API
keys for the partners and works with
them to integrate data and use it to
deliver regulatory compliance
solutions for the partners' customers.
Libryo takes the legal research
legwork away from its customers and
partners, and delivers only the
applicable regulations and
requirements to each customer at a
local, regional, national, or global
level.
Turning Law into Data
Most people in business want to
comply with all applicable laws;
however, they often fail to do so.
This is essentially due to the fact that
law exists as unstructured content in
multiple formats, in multiple spoken
languages, and has to be sourced
from many different physical places,
thus making it near impossible to
know legal requirements in an ever-
changing regulatory environment.
Resolving this issue, Libryo is
turning law into data by extracting
legal text and using metadata to put
the text into context and to identify
meaning in a uniform, global, and
cross-comparable machine-readable
format. “We believe that the existence
of this data will revolutionize the
entire legal requirements element of
the global risk management
industry,” adds Flynn.
The Trio Optimizing its
Capabilities
Peter, alongside his fellow co-founders, has a non-traditional and
non-hierarchical way of defining his
roles and responsibilities at Libryo.
The trio divides responsibilities
according to their personal and
professional strengths, using the
RASCI framework. Peter's
responsibilities are technology,
product development, and sales of
new products, while also working
closely with Garth and Malcolm on
developing the company strategy. He
has had a multifaceted career as a
professional musician, a freelance
web developer, and the co-founder of
a large web application development
consultancy and large technology
conference in South Africa. Peter,
alongside his co-founders, is
leveraging all his experience to drive
Libryo towards hypergrowth, both in
revenue and realized value to
customers.
New Strategies, New Solutions
Like most companies, the COVID-19
pandemic forced Libryo to find new
ways to operate. Being a venture-
based startup, it strategically runs the
business at a loss to pour as many
resources as possible into product
development and growth. When the
pandemic hit, the company realized
that it needed to extend its cash
runway as far as possible and act fast
without losing any employees.
Responding to the COVID crisis,
Libryo implemented a strategy of a
20 percent pay cut across the whole
company, which has enabled it to
extend its runway far into the future.
The company is also closing a new
round of capital (over £1m already
closed as at December 2020), which
will see it in a strong financial
position for the foreseeable future.
Besides operational changes, the
pandemic also forced companies to
embrace digital solutions quickly.
Being an agile tech provider, Libryo
quickly got to work developing a free
solution called the COVID-19
Regulation Tracker, to help other
businesses globally know their legal
requirements concerning the
pandemic. This helped to support the
organizations struggling to cope with
the impact of the virus and ensure
that the work environments are safe
for their employees and customers.
Remote Working: The New
Standard
The lockdown impositions due to the
pandemic have resulted in companies
asking the employees to work
remotely. While remote working was
relatively new for most companies,
Libryo was used to the concept as it
was a 'Remote First' business since
its inception. At Libryo, no employee
has a fixed desk, and its employees,
spread across 8 countries, can work
from wherever they choose, provided
the internet is good. “For us, it's
really just been about less travel for
meetings, a more deliberate regime
of rest and being able to hire the best
talent without forcing them to have to
move from their communities,”
asserts Peter.
Preparations for the Future
Once there is global herd
immunity to COVID, Peter foresees
a huge cultural resistance to returning
again to the office or factory 5 days a
week, and also to travelling as
frequently for business meetings as
before COVID. This has massive
repercussions in regard to what
work-related tasks look like in the
future, and the systems needed to
manage the associated risks. He
believes that occupational hygiene
and related categories of risk
management will be important in
organizational management in the
future.
Anticipating the changes, Libryo
recently launched version 3 of the
Libryo Platform which makes the
ingestion of the legal content even
faster, thus enabling it to onboard
customers in brand new territories
within weeks. It is also finalizing the
Libryo Assess module, built to help
organizations complete self-
assessment and gain visibility of their
compliance and risk status across all
of their operations in a single
dashboard. By 2025, the company
aims to be the best and most
comprehensive global Data-as-a-
Service ecosystem and Software-as-
a-Service marketplace for legal and
other requirements.
We are a team
of frontrunners
on a mission
to make it
easier for
companies to know
the law, and
keep it.
SUCCESS STORY
The Journey of the #1 CRM Platform, From Rags To Riches
The goal of an enterprise CRM (Customer Relationship Management) platform is to manage a company's interactions with its present and future customers. Back in the early 90's, CRM companies were offering expensive software to enterprise users, which they had to monetarily manage from start to finish. However, Marc Russell Benioff had a change-savvy vision to create a Software as a Service (SaaS) CRM model in which customers would be charged only for their software usage.
This new approach faced severe backlash from venture capitalists and investors who ridiculed his idea at that time. However, he remained determined towards his vision and did not falter. Marc invested his personal funds which he had obtained from his investments in Siebel Systems, Inc. Salesforce.com was brought to life from a nutshell of an idea, transformed later into a revolutionary one.
The following is the milestone journey of Salesforce.com from humble beginnings to a skyrocketing dynasty.
TELEGRAPH HILL, SAN FRANCISCO (1999)
In March 1999, Salesforce took its first breath in a minuscule apartment located atop Telegraph Hill, San Francisco, USA, next to Marc Benioff's apartment. Joining hands with Marc were Parker Harris, Frank Dominguez and Dave Moellenhoff with inspirational posters of the Dalai Lama, Albert Einstein and two dogs in their office backdrop.
After a decade of experience in Oracle, Benioff wanted to establish a CRM company which would offer CRM based services over the internet by utilizing central servers to store customers' data rather than selling packaged software to businesses. In this way, he wanted to save enterprises from spending the millions of dollars otherwise required to purchase, implement and constantly upgrade the software. Marc, along with his three programmers, developed the fundamental prototype within months, following the footsteps of Amazon.com. He wanted to replicate the easy accessibility, rapid availability and user-friendly nature of Amazon's over-the-internet program for his CRM platform.
In July 1999, Salesforce found a home at Rincon Center with 10 employees working full time in an eight thousand square foot office. With new developments and fructified ideas, Salesforce again relocated by November 2000 to One Market Street.
DAWN OF THE MILLENNIUM: SALESFORCE ENTERS THE BUSINESS LANDSCAPE (2000)
The millennium era marked the arrival of Salesforce, a power-packed product developed by a highly skilled team at an upscale location.
Marc, who is known as the rookie and pitchman of sales and marketing, came up with a distinctive marketing campaign to introduce Salesforce to its audience. To depict a visual advertising presentation, the lower level of the Regency Theatre was transformed into a space imitating Enterprise Software as 'Hell', with stage actors shouting and screaming at the top of their lungs. Soon, after getting released from the cages and covering their way on dirt, the actors find Salesforce.com. This entire setting of the launch was publicly advertised under the heading of 'No Software'.
In addition to that, the campaign also showcased a feisty fighter jet defeating a biplane. The fighter jet illustrated the technically blessed and futuristic software, unlike its rival competitors. The biplane, on the other hand, represented the harrowing software industry unable to cater to customer requirements.
BIRTH OF DREAMFORCE (2003)
Salesforce's City Tour was a regular symposium, lasting for a few hours held across the country. This event was used as a
platform by the CRM solutions provider company to introduce their latest range of products and to understand the
requirements from the target users. However, in 2003, Salesforce initiated a new event called Dreamforce which was attended
by 1,000 registered participants. Sforce 2.0, the CRM industry's first on-demand application service was launched at
Dreamforce.
BRINGING OHANA CULTURE TO LIFE AT SALESFORCE (2004)
The Founder of Salesforce was highly impressed as well as inspired by the spirited nature of Hawaii. In June 2004, Marc
threw a Hawaiian themed launch party to introduce Salesforce Ohana. He not only wanted to instill a free spirited work
culture in his employees, but also the global community they have built. Marc also purchased its first office in Hawaii at the
Rincon Centre.
CHANGING THE WORLD OF BUSINESS SOFTWARE DYNAMICS WITH APPEXCHANGE (2005)
Under the flagship of Salesforce, the innovative CRM company introduced AppExchange. Here, customers were given
complete freedom to develop their own applications as per their requirements and also, make it available for other Salesforce
user communities.
LOGICAL EXTENSION OF PLATFORM AS A SERVICE (PAAS) (2006)
Since the introduction of Dreamforce, the number of eager participants and business enthusiasts started escalating along with
Salesforce product users and its avid followers. Apex was an on-demand programming language, allowing third party
customers, for the first time, to write and run code on Salesforce.com's shared architecture. This enabled users, partners
and program developers to operate in the same language.
Parker Harris was one of the pioneer developers behind the success of Salesforce. Parker formulated a technology called
Visualforce, permitting users to design interfaces, including buttons, forms, links and embed anything as per their personal
liking and necessity. This technology opened doors to the Salesforce Platform-as-a-Service (PaaS) called Force.com. This
futuristic program ran multiple times faster than the conventional programming methods. Big shots like Citigroup, Morgan
Stanley, Thomson Reuters and Japan Post began using Force.com to build their custom applications.
CLOUD COMPUTING OPENS LARGER AVENUES OF MARKETING (2012)
After enjoying a decade of successful innings, Salesforce had by 2012 managed to cover sales, service and PaaS platforms, with Dreamforce playing a significant role. During the same time, Salesforce went on a shopping spree to acquire numerous companies related to its space and managed to reap tremendous benefits from them as well. By 2012, Cloud Computing arrived in the market with infinite opportunities and room full of advancements.
ULTIMATE MOBILE EXPERIENCE (2013)
With half of the world's population using smartphones, Salesforce rolled out the Salesforce1 platform with a rationale to allow access to unlimited information available on the internet. Through this advanced platform, users can access other Salesforce products as well as AppExchange applications from the App store.
AGE OF CUSTOM MAKEOVER (2015)
Salesforce had managed to keep the look of its browser simple and hassle-free for about 16 years. Owing to the advancements in marketing strategies and advertising, Salesforce launched The Lightning Experience to revamp its browser appearance, with a focus on color schemes, an eye-catching look and the responsiveness of the app.
IMPACT OF ARTIFICIAL INTELLIGENCE (2016)
The 2016 Dreamforce summit showcased the launch of Einstein, offering advanced AI capabilities to sales, service and marketing along with the flexibility to build custom apps. The event was witnessed by a crowd of 170,000 over a 4-day conference, with over 15 million additional viewers streaming through Salesforce Live.
QUIP COLLABORATION PLATFORM (2017)
The global CRM leader introduced the Quip Collaboration Platform, allowing teams to join forces and work effectively at a faster pace via one live document. Through Live Apps, records, calendars and kanban boards could be used. Moreover, Quip is equipped with workflow templates, pre-built Quip documents and spreadsheets for distinct industries, projects and functions, enabling teams to deliver productive outcomes.
SALESFORCE ESSENTIALS (2018)
In 2018, the team of Salesforce came up with easy-to-use sales and service apps for small start-up companies through Essentials. The latest launch is powered by Salesforce Trailhead, Einstein AI, Lightning and AppExchange, which store the user data over Cloud and cater to all the requirements of its clients. Essentials is a blessing in disguise for entrepreneurs of small businesses and start-ups, who can now maintain excellent customer relationships using this platform.
Over the last 19 years, Salesforce has managed to surpass its competitors by delivering an outstanding range of products one after the other. With resonating technology and its advancements, the business enterprises and customers have huge expectations from Marc Benioff as well as the Salesforce empire in the future.
Travel insurance is one of the
most important investments
for a traveler, particularly for
traveling abroad, as travel insurance
covers numerous risks such as
medical risks, travel risks, flight
disruptions, etc. Thus, numerous
travelers today prefer to buy a
comprehensive travel insurance
policy while planning their journey.
At present, there are many travel
insurance providers available in the
market. However, distinguishing
itself with more than two decades of
experience, Seven Corners is one of
the best travel insurance solution
providers around.
Incorporated in 1993, the Carmel,
Indiana-based company is an
innovative and service-focused travel
insurance and benefit management
company that serves a global market.
The company was co-founded by two
young travel insurance industry
professionals —Justin Tysdal (Co-
founder and CEO) & Jim Krampen
(Co-founder and Executive
Officer)—with a mission to protect
travelers while building loyal
customers, inspiring team members,
and driving value for its partners.
Specialized Services and Solutions
Beginning with a single travel
insurance product, Seven Corners
today serves the needs of hundreds of
thousands of members worldwide
through its diversified portfolio of
products and services. The company
offers a plethora of travel insurance
plans including travel medical plans,
student plans, annual plans, visitor
plans, group plans, etc. Besides these
plans, it also offers customized
services such as medical assistance,
including emergency medical
evacuations and repatriations and
medical case management. The
Seven Corners team services their
customers through several different
communication tools as well as an
online portal that allows them to
view their purchases, extend and
cancel plans, and check the status of
a claim.
Furthermore, in the wake of the
COVID-19 pandemic, Seven Corners
designed specialized COVID-19
travel medical plans. The company
accomplished this by adding a
specific benefit to its existing plans
and rebranding plans with 'plus,' to
clarify the expansion of the plan.
This new benefit covers medical
expenses if a customer contracts
COVID-19 on their trip. Moreover,
the coverage is not tied to travel
warnings. Seven Corners also
launched the “Right Way to
Travel”—an initiative to improve
service via new communication tools
and additional self-service options
for customers.
Ensuring a Customer-centric
Culture
The team of Seven Corners believes
in community, and the company
culture is centered around extending
a sense of community to its
customers regardless of where they
are. This varies from guiding a
customer to choose the best benefits
for his/her needs, to managing an
emergency medical evacuation
halfway across the globe. The team
works with company values at the
heart of its efforts.
Seven Corners' team is led by the two
co-founders who ensure these core
values remain at the forefront of the
company operations. Justin is
involved in developing the
company's strategic direction and
long-term planning and works on
processes and operations, while Jim
handles sales and growth. Both the
veterans have different skillsets and
personalities, which they have
leveraged to provide a well-balanced
approach to the business and drive
the company towards growth.
Pivoting to Meet the Changes
The pandemic presented numerous
challenges for businesses in the
travel insurance industry. For Seven
Corners, the major challenge was the
inability of folks to travel
internationally. However, the
company had an excellent marketing
plan in place before the pandemic hit,
which resulted in record sales in
January and February of 2020. The
organization continues to manage
that plan nimbly, pivoting quickly to
meet changes in the market. “Our
team has also reviewed expenses,
instituting cost-savings measures
when it made sense and evaluating
partner relationships to ensure the
value we need is there,” Justin added.
Upholding Communication and
Values
In response to the pandemic, Seven
Corners initiated remote work for
team members in early March. Most
of the team still works remotely
although the company has provided
options for anyone who wishes to
work from the office. Moreover,
Seven Corners' motivational mantra
is based on communication and
company values.
“If you don't know there is a problem
or gap for customers, you can't fix
it,” asserts Justin. The entire
company meets virtually every
Monday where updates from all areas
of the business are reviewed. In the
meeting, performance metrics are
covered and if needed, the next steps
for improvements are also discussed
so that Seven Corners is ready to face
the upcoming challenges post-
pandemic.
Anticipating the Changes
The pandemic has impacted the
travel insurance market significantly.
For most companies, sales were up in
the first quarter of 2020 and tumbled
when the pandemic hit. As people get
more comfortable traveling post
pandemic, Seven Corners anticipates
a strong return to travel towards the
end of the second quarter with
travelers purchasing travel insurance
more frequently than they did
previously.
Throughout the pandemic travel
crisis, consumers have learned how
travel insurance works and now have
a better understanding of travel
insurance and the difference it can
make for a traveler who encounters
both small and large obstacles while
traveling. Seven Corners promises to
continue to aggressively review its
products and services, checking in
with customers to identify their
wants and needs. “We believe travel
will return in a big way, and the steps
we take now will make a difference
once folks can travel again,” adds
Justin.
Perseverance and Sustainability
Having successfully led a company
for more than two decades, Justin
believes that perseverance and the
ability to hold on to the dream are
crucial to success for any
entrepreneur. Citing his own
experience, he added that both he and
Jim had second jobs to ensure they
had the income to carry through until
the company was self-sustaining.
Whenever they hit roadblocks, they
found a way through or around them
and moved on. These, according to
Justin, are the keys to success for
aspiring entrepreneurs.
Jim Krampen
Co-founder & Executive Officer
At Seven Corners,
we want to give
you the freedom
to experience
new places and
re-visit places
that may be close
to your heart.
Leader's Insight
COMING TOGETHER ON ENTERPRISE CYBER RISK MANAGEMENT
By: Syed Abdur, VP, Product Management & Marketing, Brinqa
It is not uncommon for two people to talk about enterprise cyber risk management and walk away with different understandings of the topic. What enterprise cyber risk management is can even vary within an organization, often depending on which function you belong to – business, IT, InfoSec, or another. It is important to establish a common understanding of this important discipline, since the proper execution of enterprise cyber risk management is so critical to an organization.
Defining Enterprise Risk
Business leaders generally are referring to some force outside of their control that may damage corporate assets when talking about risk. The risk gamut can range from critical systems being held hostage by ransomware, to exposure of confidential client information. It's a critical focus because a company's executives have a duty to protect shareholders' assets from risks, particularly financial damage. Enterprise risk refers to this idea in a big company context. It is critical for enterprise risk management to include a cyber component, especially as business functions and processes move to the cloud, and as businesses undergo rapid digital transformation.
Clarifying Enterprise Cyber Risk Management
It can be a difficult endeavor coming to a practical understanding of enterprise cyber risk management. One reason is that the Enterprise Risk Management (ERM) field is large and diverse. There are multiple frameworks for ERM, which take different angles to address the problem. For example, the COSO ERM framework focuses on financial risk, including risks from fraud or bad debt.
The Chief Risk Officer (CRO) is responsible for ERM in many organizations, but often the focus is mostly in the context of compliance. As a result, the organization may be required to meet some cybersecurity standards. However, it is important to not make compliance the primary driver for cyber risk management strategies and goals. For example, an organization may be compliant with the law but still be at serious risk from a cybersecurity perspective. In addition, the CRO may have no corporate mandate to deal with cyber risks.
The absence of a common understanding and clear definition leaves too much ambiguity for the various stakeholders to execute on a unified plan and strategy. To be effective, enterprise cyber risk management must be a continuous, consistent process that brings together people, processes and information across business, IT and Information Security teams.
Enterprise Cyber Risk Defined
Enterprise cyber risk in our context can be defined as any situation where a cyber-borne threat affects business value or operational effectiveness of a corporate asset in a negative way. This is a far broader definition of cyber risk than is normally used in cybersecurity circles. CISOs tend to view risk in context of digital assets, for example any threats to destroy data or software, or disrupt networks. However, enterprise cyber risks are far more widespread in nature. Consider these examples:
• Customers' confidential information being compromised causing diminished brand reputation
• Hacking of IT systems leading to physical damage or even fatalities
• DDoS attacks resulting in critical business applications being unavailable and financial losses
As you may recall, the handling of the
Equifax breach a few years ago led to
significant outrage from the public and
caused considerable damage to the
Equifax brand. Key executives,
including the CEO, abandoned ship in
the weeks and months following the
disclosure. The company faced more
than 240 class action lawsuits and
investigations from state and federal
agencies, including the Federal Trade
Commission (FTC) and the Securities
and Exchange Commission (SEC).
Equifax reported it recorded $87.5
million for expenses related to the
breach that quarter. While a web
application vulnerability was
determined to be the cause of the
breach, the extensive damage to the
business and brand was a result of
Equifax's inability to manage and
understand enterprise cyber risk.
Enterprise Cyber Risk
Management's Main Challenge
There is no final, end goal in enterprise
cyber risk – it's an ongoing endeavor.
Consider the literally hundreds of
millions of new cyber threats that
appear every year. Corporate assets are
exposed to cyber threats in almost
every imaginable way. Especially with
work from home (WFH), the attack
surface area is immense these days,
including every endpoint, application,
data store and infrastructure element.
And, all of these are dynamic,
including applications which are
constantly changing, and operating
systems and hardware which are being
continuously updated. In addition,
connections between a company, its
partners and the outside world are
never static.
Cyber risk management challenges revolve around maintaining control and awareness in a hugely complex and rapidly shifting environment. The lack of understanding of the Information Security function in most organizations further complicates this. Confusion abounds around the roles, responsibility and division of InfoSec and IT. One way to think about it is to consider IT and InfoSec as essential but ancillary functions (such as legal, HR, etc.) that exist together to support the business. Neither function is accountable to the other, but rather is accountable to the business and exists to help the enterprise reach its ultimate goals.
The Approach To Enterprise Cyber Risk Management
Considering that IT and cybersecurity work together to achieve common goals, we can begin to put a practical framework together for enterprise cyber risk management. For the most part, InfoSec usually has good visibility into IT data and processes, and works extensively on this information to accomplish various assessment and monitoring activities to identify gaps, vulnerabilities and threats. However, to effectively evaluate the associated cyber risks, we must understand the potential impacts of these weaknesses and threats to the business. This can be accomplished by building relevant and accurate business context into the cyber risk analysis process.
While it may seem daunting at first, most enterprises have information somewhere within the enterprise to build business context. Business continuity and disaster recovery (BC/DR) initiatives can report the business impact of technical assets. Data protection programs can provide details about which areas of the infrastructure process sensitive and confidential information. Compliance initiatives monitor the status of assets that must be tracked in accordance with various standards. What most organizations struggle with are the data management capabilities and analytical maturity needed to incorporate and operationalize this information.
Establishing the right ownership and accountability model for cyber risk is also very important. Repeated alerts and notifications from InfoSec may go unresolved, but making the business owner part of the risk remediation process can have a very different effect. In this way, cybersecurity is simply facilitating the conversation between responsible and accountable stakeholders. Making business users part of the risk ownership and escalation chains ensures that those directly impacted by the problem have a say in how and when it is addressed.
A cyber risk management platform can facilitate this process. It can aggregate all the data required for cyber risk analysis – across business, IT, and cybersecurity data sources. The platform can normalize and correlate risk data so enterprise risk managers can discover the connections between technology assets and understand the threats and impact to business. Armed with this knowledge, risk managers can prioritize vulnerabilities and focus mitigation efforts on the most critical risks and most valuable assets. An organized, data-centric approach to enterprise cyber risk management can bring the CISO and CRO, and their distinct perspectives on cyber risk, together for a shared business purpose. Properly correlated and interpreted risk data creates the common ground necessary for a truly enterprise-wide approach to cyber risk management.
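One way to build business context into technical findings, as the article's approach describes, shown as an added example that is not from the article or from any vendor's product. The asset names, field names, weights and scoring formula are assumptions, and all sample data is constructed.

```python
"""Rank scanner findings by business context instead of raw severity (illustrative)."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed business-context sources, named after the programs the article lists.
BCDR_IMPACT = {"pay-gw-01": 5, "crm-db-02": 4, "wiki-01": 1}  # BC/DR tier: 1 low .. 5 critical
DATA_CLASS = {"pay-gw-01": "confidential", "crm-db-02": "confidential", "wiki-01": "internal"}
COMPLIANCE_SCOPE = {"pay-gw-01": ["PCI DSS"], "crm-db-02": ["GDPR"]}
BUSINESS_OWNER = {"pay-gw-01": "payments", "crm-db-02": "sales-ops", "wiki-01": "it-services"}

# Constructed scanner output; asset names arrive in inconsistent forms.
FINDINGS = [
    {"id": "F-1", "asset": "WIKI-01.corp.example", "severity": 9.8},
    {"id": "F-2", "asset": "pay-gw-01", "severity": 6.5},
    {"id": "F-3", "asset": "CRM-DB-02", "severity": 7.2},
    {"id": "F-4", "asset": "lab-vm-17.corp.example", "severity": 8.1},
]

# Assumed weights; a real program would agree these with the risk function.
DATA_WEIGHT = {"public": 1.0, "internal": 1.2, "confidential": 2.0}
IN_SCOPE_WEIGHT = 1.5   # asset is tracked under at least one standard
DEFAULT_IMPACT = 3      # unknown assets are scored mid-range and flagged, not ignored


@dataclass
class RiskItem:
    finding_id: str
    asset: str
    severity: float
    impact: int
    data_class: str
    regulations: list
    owner: str
    context_known: bool
    score: float


def normalize_asset(name):
    """Reduce 'WIKI-01.corp.example' and 'wiki-01' to one join key."""
    return name.strip().lower().split(".")[0]


def correlate(findings):
    """Join each finding to its business context and return items, highest score first."""
    items = []
    for f in findings:
        asset = normalize_asset(f["asset"])
        known = asset in BCDR_IMPACT
        impact = BCDR_IMPACT.get(asset, DEFAULT_IMPACT)
        data_class = DATA_CLASS.get(asset, "internal")
        regs = COMPLIANCE_SCOPE.get(asset, [])
        score = f["severity"] * impact * DATA_WEIGHT[data_class]
        if regs:
            score *= IN_SCOPE_WEIGHT
        items.append(RiskItem(f["id"], asset, f["severity"], impact, data_class,
                              regs, BUSINESS_OWNER.get(asset, "unassigned"), known, score))
    return sorted(items, key=lambda i: i.score, reverse=True)


def missing_context(items):
    """Assets seen by the scanner that no business-context source knows about."""
    return sorted({i.asset for i in items if not i.context_known})


def owner_queue(items):
    """Group finding ids by accountable business owner, preserving rank order."""
    queue = defaultdict(list)
    for i in items:
        queue[i.owner].append(i.finding_id)
    return dict(queue)


if __name__ == "__main__":
    ranked = correlate(FINDINGS)
    for item in ranked:
        print(f"{item.finding_id} {item.asset:<10} sev={item.severity} "
              f"impact={item.impact} owner={item.owner} score={item.score:.1f}")
    print("needs business context:", missing_context(ranked))
```

With this sample data the 9.8-severity finding on the wiki ranks last, while the 6.5 on the payment gateway ranks first and lands in the payments owner's queue.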